Towards Privacy-Preserving Split Learning: Destabilizing Adversarial Inference and Reconstruction Attacks in the Cloud
Griffin Higgins, Roozbeh Razavi-Far, Xichen Zhang, Amir David, Ali Ghorbani, Tongyu Ge

TL;DR
This paper introduces a novel privacy-preserving split learning method using autoencoders and class activation maps to protect against inference and reconstruction attacks, improving utility for edge-cloud systems.
Contribution
The paper proposes an autoencoder-based plug-in strategy for split learning that enhances privacy and utility, outperforming PCA-based methods in early split positions.
Findings
The autoencoder approach provides better privacy at earlier split points.
The method improves utility for resource-constrained edge devices.
Compared to PCA, the autoencoder approach offers superior protection.
Abstract
This work aims to provide both privacy and utility within a split learning framework while considering both forward attribute inference and backward reconstruction attacks. To address this, a novel approach has been proposed, which makes use of class activation maps and autoencoders as a plug-in strategy aiming to increase the user's privacy and destabilize an adversary. The proposed approach is compared with a dimensionality-reduction-based plug-in strategy, which makes use of principal component analysis to transform the feature map onto a lower-dimensional feature space. Our work shows that our proposed autoencoder-based approach is preferred as it can provide protection at an earlier split position over the tested architectures in our setting, and, hence, better utility for resource-constrained devices in edge-cloud collaborative inference (EC) systems.
